Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004."— Presentation transcript:

1 CSCI 5707: Database Security Pusheng Zhang University of Minnesota Email: pusheng@cs.umn.edupusheng@cs.umn.edu March 2, 2004

2 21.2 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Motivation Personal Privacy  Q? Have you watched “LOR: The Return of The King”?  Q? Do you like the movie?  Customer profile DB, health information DB, credit rating DB Corporate Security  Trade Secrets – Coke’s Formula  Client Privacy – Swiss Banks, Financial Inst. System Resource Security  Password DB, Worm, Virus, and Hackers Cyber Security  Eavesdropping (unauthorized reading of messages)  Masquerading (pretending to be an authorized user or sending messages supposed from authorized users)

3 21.3 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Database Security This figure is courtesy of Peter J. Braam, CMU

4 21.4 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang

5 21.5 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Database Security Goal:  Users only see the data they’re supposed to. (S and A)  Guard against modifications by malicious users (I) What security mechanisms do software systems provide?  User Account Level Access Control  Discretionary: grant/revoke  Mandatory: security levels  Audit Trails: logs  Statistical Database Security: Inference Control  Data Object Level Access Control: encryption

6 21.6 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Database Administrator Database Administrator (DBA)  Central authority for managing a database system  Responsibilities include:  Create user account and password  Grant privileges  Revoke privileges  Assign security levels

7 21.7 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang

8 21.8 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang GRANT Command  In SQL: GRANT privileges ON objects TO users [WITH GRANT OPTION]  Privileges:  SELECT: can read all columns  INSERT (col-name): –Can insert tuples with non-null or non-default values in this column. –INSERT means same right with respect to all columns  DELECT: can delete tuples  UPDATE (col-name): can update this column  REFERENCE (col-name): can define foreign keys (in other tables) that refer to this column.  WITH GRANT OPTION can pass privilege on to other users

9 21.9 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Example of GRANT Joe created tables Sailors, Boats, Reserves Q: Joe runs the following  Q1: GRANT SELECT ON Reserves TO Mike  Mike can execute SELECT queries on Reserves  Q2: GRANT SELECT ON Sailors TO Mike WITH GRANT OPTION  Mike can execute SELECT queries on Sailors  Mike can pass this privilege to others for Sailors NOT for Reserves  Q3: GRANT UPDATE (rating) ON Sailors TO Bill  Bill can update the rating column in the Sailors.

10 21.10 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang REVOKE Command  In SQL: REVOKE [GRANT OPTION FOR] privileges ON objects FROM user {RESTRICT | CASCADE}  Privileges are the same with GRANT  GRANT OPTION FOR: revoke just the grant option on a privilege  For example: Joe is the creator of the Sailors. Joe runs the following  GRANT SELECT ON Sailors TO Art WITH GRANT OPTION  REVOKE GRANT OPTION FOR SELECT ON Sailors FROM Art CASCADE  Art still holds SELECT privilege on Sailors  However, Art no longer can’t pass it on to other users

11 21.11 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang REVOKE Command (cont) CASCADE and RESTRICT  CASCADE: recursively revokes existing privileges  RESTRICT: revoking is rejected if resulting in other privileges becoming abandoned  For example: Joe is the creator of the Sailors  GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (by Joe)  GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (by Art)  REVOKE SELECT ON Sailors FROM Art CASCADE (by Joe)  Art and Bob lost SELECT privilege on Sailors  What happens if we use RESTRICT instead of CASCADE in the example above?

12 21.12 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Examples Example 1:  GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (by Joe)  GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (by Art)  GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (by Joe)  REVOKE SELECT ON Sailors FROM Art CASCADE (by Joe)  Art lost the SELECT on Sailors  What about Bob? Example 2:  GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (by Joe)  REVOKE SELECT ON Sailors FROM Art CASCADE (by Joe)  Does Art lose the SELECT on Sailors or not?

13 21.13 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Authorization Graph  Nodes: Users  Arcs: Indications of how privileges are passes Joe Art Bob (Joe, Art, Select on Sailors, Yes) (Art, Bob, Select on Sailors, Yes)

14 21.14 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang

15 21.15 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Example of View For example: Joe runs  CREAT VIEW ActiveSailors (name, age, day) AS SELECT S.sname, S.sage, R.day FROM Sailor S, Reserves R WHERE S.sid = R.sid AND S.rating > 6  Joe can grant SELECT on the view ActiveSailors to Art  GRANT SELECT ON ActiveSailors TO Art WITH GRANT OPTION  Art only has the access to the ActiveSailors, not the base tables  Art can run: –SELECT name FROM ActiveSailors WHERE age < 30

16 21.16 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Role Roles are named groups of related privileges  Can be assigned to users and even to other roles  Reduced privilege administration  Dynamic privilege management Privileges can be granted to or revoked from roles, just like user SQL:1999 standard supports roles  CREATE ROLE Role-name  DROP ROLE Role-name  GRANT privileges ON objects TO Role-name

17 21.17 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Example of Role Example CREATE ROLE manager GRANT SELECT, INSERT ON Sailors TO manager GRANT UPDATE (sid) ON Sailors TO manager GRANT SELECT, UPDATE, INSERT ON Reserves TO manager GRANT manager TO Joe

18 21.18 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Mandatory Access Control Main drawback of discretionary access control (DAC):  Vulnerable to malicious attacks, e.g., Trojan horses whereby a devious unauthorized user can trick an authorized user into disclosing sensitive data.  DAC doesn’t impose any control on how info is propagated.  Supported by most commercial DBMSs. Mandatory access control (MAC):  Multilevel security:  Top secret, secret, confidential, and unclassified  Needed for government, military, and intelligence applications 

19 21.19 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang

20 21.20 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang

21 21.21 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang

22 21.22 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang

23 21.23 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang

24 21.24 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Polyinstantiation Solution to the dilemma  Add one tuple with security class C:  101SalsaRedS  101Pasta BlueC  102PintoBrownC Polyinstantiation:  The presence of data objects that appear to have different values to users with different clearances.  E.g., the boat with bid 101

25 21.25 CSCI 5707, Spring 2004. University of Minnesota, Pusheng Zhang Comparison Between DAC and MAC Discretionary access control (DAC):  Flexible  Supported by most commercial DBMSs  Applicable to a large variety of domains  Vulnerable to Trojan Horses Mandatory access control (DAC):  Very Rigid  Not supported in most Commercial DBMSs  Only applicable in military, intelligence, and government  Prevent flow from higher to lower security level

Download ppt "CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004."

Similar presentations

7- Sicurezza delle basi di dati

7- Sicurezza delle basi di dati
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Lecture 8 Access Control (cont)

Lecture 8 Access Control (cont)
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Security and Authorization Chapter 21.

Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Security and Authorization Chapter 21.
Understand Database Security Concepts

Understand Database Security Concepts
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
Database Query Security

Database Query Security
Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.

Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.
Copyright © 2004 Pearson Education, Inc.. Chapter 23 Database Security and Authorization.

Copyright © 2004 Pearson Education, Inc.. Chapter 23 Database Security and Authorization.
Some slides were taken from 463.5.1 Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security.

Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.

Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Database Security - Farkas 1 Database Security and Privacy.

Database Security - Farkas 1 Database Security and Privacy.
Temple University – CIS Dept. CIS616– Principles of Data Management V. Megalooikonomou Integrity Constraints (based on notes by Silberchatz,Korth, and.

Temple University – CIS Dept. CIS616– Principles of Data Management V. Megalooikonomou Integrity Constraints (based on notes by Silberchatz,Korth, and.
Ch4 Database Security. Security  Security - protection from malicious attempts to steal or modify data.  Database system level Authentication and authorization.

Ch4 Database Security. Security  Security - protection from malicious attempts to steal or modify data.  Database system level Authentication and authorization.
©Silberschatz, Korth and Sudarshan6.1Database System ConceptsTriggers A trigger is a statement that is executed automatically by the system as a side effect.

©Silberschatz, Korth and Sudarshan6.1Database System ConceptsTriggers A trigger is a statement that is executed automatically by the system as a side effect.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.

ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.

Similar presentations

Ads by Google